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Challenge 
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Vulnerabilities are the #1 factor in security breaches in 
enterprise organizations. 


>1B 58% 41% 


records are compromised of enterprise of external breaches 
in data breaches annually organizations’ sensitive exploited some manner 
data was compromised of vulnerability 
or breached in the past 
12 months 
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Organizations still struggle with vulnerability 


management. 
Of О О 
О О О 

of vulnerabilities exploited of security breaches in of organizations are 
are known by security and enterprise identify dissatisfied with their 

IT professionals for atleast vulnerabilities as a factor capabilities to analyze and 

one year and can be in the breach prioritize vulnerabilities 
remediated 
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Sources: Gartner, Forrester 


Industry-Level Vulnerability Needs and Pain Points 


Vulnerability Needs and Pain Points Why Current Efforts are Not Enough 
e Government and industry regulations, such as PCI • Home Depot and Target had met their PCI compliance 
: and HIPAA require a regular and active vulnerability requirements, but they still lost payment card data 
Compliance me 
management program. Vulnerability assessment 
tools are used to comply 
e Thousands of new vulnerabilities are introduced every • Attackers exploited the unpatched Heartbleed bug at 
year. Vulnerability managers do not have the time Community Health Systems (CHS) and stole around 4.5 
Overwhelmed and resources to manage them all million patients’ data. The attack happened after the 
vulnerability was disclosed, but CHS was not able to 
respond fast enough 
e With limited resources, vulnerability managers need to • Researchers found that CVSS scores do not place enough 
Threat focus on the most critical vulnerabilities emphasis on variables like the prevalence of exploits in the 
Prioritization wild, leading to inaccurate assessments of criticality and 


wasting resources on remediating the wrong vulnerabilities 


e Remediation is painful and inefficient. Although This hand-off results in remediation delays. The longer the 
vulnerability management and patch management go vulnerability is available, the easier it is for an attacker to 
Remediation hand-in-hand, they are often managed by different stroll in. 
teams within the organization End users want know if compensating controls can offset 


D . . D pun . 

= remediation where upgrades are prohibitively expensive 
m 1 —._ 
= e Clients often use multiple vulnerability scanners, e.g. * These solutions tend to silo results and prevent S&R pros 

о 


Rapid 7 for network, Webinspect for web applications, from getting a clear macro understanding of the 


Many Scanners Imperva for database, and Onapsis for SAP vulnerabilities of high-value assets 


Case Study 


This case study session explains how a large 
services firm with limited resources worked 
with Secureworks for guidance on their 
vulnerability management program and 
leveraged the Qualys Cloud Platform along 
with Secureworks' in-house vulnerability 
management experts to more effectively 
manage and interpret their scans and prioritize 
remediation actions. 
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Client Case Study 


Solutions: 


Challenges: 


e Client was not fully leveraging the Qualys VMS 
platform. 


• Through a short phone call, the client learned how 
to leverage the Qualys VMS platform and quickly 
deployed authenticated scanning — revealing blind 
spots! 


40505 Total QIDs (as of November 2018) 
32625 Authenticated Only QIDs (80%) 
6771 Remote Only QIDs 

1077 Remote and Authenticated QIDs 


Once the client was in a weekly authenticated 
vulnerability scan schedule there was so much data 
they became overwhelmed and needed assistance 
with developing a reporting strategy. They needed to 
present the same data but in a different manner for 
executives, operations teams and auditors. 


• We walked the client through how to create a 
customized report process to suit their needs for 
leadership and compliance purposes. 
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Client Case Study 


Challenges: 


The client was frustrated that there were so many 
vulnerabilities, that he did not know how to prioritize 
which threat he should tackle first. 


The client was disappointed with the lack of progress 
shown reducing their overall vulnerabilities detected, 
despite frequent remediation actions taken by their 
operation team. 


Solutions: 


e We assisted in prioritizing their vulnerabilities with a 
risk-based approach to focus their remediation 
efforts on the ones that will have the highest impact. 


e We assisted the client in creating a scorecard report 
that showed just how effective their actions have 
been, and also provided ongoing tracking and 
reporting on progress of vulnerability remediation 
activities. 
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Other 
Vulnerability 
Management 
Opportunities 
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Overwhelmed 


ASSUMPTION OPPORTUNITY 


Our Secureworks VMS Gold 
team can help you co-manage 
your vulnerability scanner, 
including helping you with 
scheduling scans, importing 
asset groups, configuring 
reports, etc. We are also here 
for any questions that you 
might have. 


We are just getting started 
and my organization has to 
get this vulnerability 


management tool up and 
running. Itis overwhelming, 
and I’m on my own! 
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Threat Prioritization 


ASSUMPTION OPPORTUNITY 


Our Secureworks VMS 
Platinum team goes one step 
further by using your business 


I'm using Qualys Threat 
Protection to prioritize my 
vulnerabilities; therefore | am 
doing everything І сап to 
prioritize threats. 


context and asset criticality 
information to help you further 
prioritize remediation actions. 
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Program Management 
ASSUMPTION OPPORTUNITY 


Our Secureworks VMS 
Platinum team can help you 
We are required to run our with fully managing your 
own vulnerability program in- scans, analyzing reports, 


house, especially because we prioritizing threats, and 
are a large enterprise. working with your IT Ops 
teams to track their progress 
against critical actions. 
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Asset Discovery 


ASSUMPTION OPPORTUNITY 


Asset discovery is not a set-it- 
and-forget-it feature. You 
should have an asset 
management process in 
place. 


| discovered all my assets 


initially. 
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Patching 


ASSUMPTION OPPORTUNITY 


Proactive patching should be 

part of your security program. 
| patch as | discover OE HZ TENE о well Vel 

vulnerabilities to be identified 


ee covered, before patching, but it helps 
| identify CRITICAL ones that 
may have missed by your 

program. 
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Remediation and Executive Reporting 


ASSUMPTION OPPORTUNITY 


By getting executives involved 
with vulnerability and 
remediation actions, it 

becomes a business and risk 
management decision. 

Our VMS Platinum team also 

helps track the progress of 
remediation actions of internal 
or third-party IT Ops teams. 


Vulnerability managers are 
always going to have a tough 


time getting remediation 
actions completed. 
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Thank you! 


Nelrose Viloria 
Product Manager, Vulnerability Mgmt 


Lauren Ashley Zamora 
Engineer, Vulnerability Mgmt 


Questions? 
https://www.secureworks.com/contact/talk-with-an-expert 
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